Operational Defect Database

BugZero updated this defect 72 days ago.

Palo Alto Networks | PAN-150023

A fix was made to address an improper authentication vulnerability in PAN-OS that enabled a SAML authenticated attacker to impersonate any other user in the GlobalProtect portal and GlobalProtect gateway when they were configured to use SAML authentication (CVE-2021-3046).

Last update date:

5/2/2024

Affected products:

PAN-OS

Affected releases:

No affected releases provided.

Fixed releases:

9.1.9

8.1.19

Description:

The earliest record of this bug traces back to PAN-OS 8.1.19 (May 02, 2024). This bug is fixed in PAN-OS versions 9.1.9 and 8.1.19.

A fix was made to address an issue where an improper authentication vulnerability enabled a Security Assertion Markup Language (SAML) authenticated user to impersonate any user in the GlobalProtect portal and GlobalProtect gateway when they were configured to use SAML authentication (CVE-2021-3046).

For more information:

https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-release-notes/pan-os-8-1-addressed-issues/pan-os-8-1-19-addressed-issues

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-release-notes/pan-os-9-1-addressed-issues/pan-os-9-1-9-addressed-issues

Status

Addressed
